CS461-FA06-Final-Key.pdf

Net ID:

Information Assurance: Final Exam – Key

December 11, 2006

Multiple Choice – 2 points each

1. Mechanisms used to access resources should not be shared . This is a definition for

which Salzer and Schroeder's Design Principle.

a. Principle of Least Privilege

b. Principle of Safety

c. Principle of Economy of Mechanism

d. Principle of Least Common Mechanism

2. The Trusted Platform Module (TPM) can create a sealed bound message. What does

this involve?

a. Encrypt the message with a non-migrateable, public key associated with the

target TPM and include PCR values that must be met before the target TPM

will decrypt the message.

b. Encrypt the message with a non-migrateable, private key associated with the

source TPM and include PCR values that must be met before the target TPM

will decrypt the message.

c. Encrypt the message with a symmetric key shared with the target and source

TPM and include PCR values that must be met before the target TPM will

decrypt the message.

d. Encrypt the message with a non-migrateable, public key associated with the

target TPM.

3. Which of the following is the best definition of slack space?

a. The area of MySpace where the slackers hang out.

b. Unused area on the last block of disk assigned to a file.

c. Blank pages within a word document.

d. Associated streams on the NT File System.

4. The Encapsulating Security Payload (ESP) protocol in IPSec allows:

a. Encryption but not integrity checks.

b. Integrity checks but not encryption.

c. Encryption and integrity checks.

d. Compression and encryption.

5. The legal foundation of our privacy protection is:

a. 9 th amendment

b. Communications Assurance for Law Enforcement Act (CALEA)

c. 4 th amendment

d. PATRIOT Act

Information Assurance

Final Exam

Page 1

12/11/2006

Net ID:

6. Which of the following is the best definition of risk?

a. The identification of a weakness in the system.

b. Likelihood that an entity will attack the system.

c. A board game from Hasbro.

d. Probability that a threat will exploit a vulnerability.

7. A good encryption algorithm results in cipher text that appears random. Changes to

the key are not easily correlated to the cipher text. This property is called:

a. Avalanche effect

b. Feistel Network

c. Pigeonhole principle

d. Differential Cryptoanalysis

8. Made an error in writing this question. Meant to ask about Biba's low-water mark

policy. In this case the answer is c. Everyone got 2 free points on this one. In Biba's

Ring Model, which of the following is true?

a. On a read, the subject's level is set to that of the object.

b. On a write, the object's level is set to that of the subject.

c. On a read, the subject's level is set to the level of the object if the object's level

is less than the subject.

d. A subject is allowed to read an object only if the object has the same or higher

integrity than the subject.

9. In which of the following situations is it legal to monitor network traffic?

a. Dana hacked into Tara's computer, and Dana is watching Tara's instant

message traffic.

b. Dana hacked into Tara's computer, and Tara is watching Dana's IRC traffic

from the hacked machine.

c. Tara is at a coffee shop with unencrypted wireless and is sniffing traffic from

Dana's machine.

d. Dana and Tara are both logging into a common server owned by the

University, and Tara has gained access to observe Dana's instant message

traffic from that machine.

10. Which of the following is not a reasonable protection against online brute force

password attack?

a. Slowing response after each failed attempt.

b. Locking out the account after a fixed number of failed attempts.

c. Measure key entry speed to determine whether a human is entering the

password, and fail the attempt if the key speed does not what is expected from

a human.

d. Adding salt to the password.

Information Assurance

Final Exam

Page 2

12/11/2006

Net ID:

11. Which of the following is best described as a policy instead of a mechanism?

a. Fingerprint readers will be installed at the computing labs.

b. Students should be allowed access to the University's computing resources.

c. Wireless access points will be installed across the campus.

d. Students will be assigned pronouncable, generated passwords once every six

months.

12. Which of the following is true of the HRU Access Control Matrix model?

a. You can prove the safety properties of policies expressed in the model.

b. It is an efficient implementation model.

c. You can embed many access control policies in the model and compare them

on a common footing.

Information Assurance

Final Exam

Page 3

12/11/2006

Net ID:

Short answer

13. (6 points total) Gary's new computer has a CPU with a no-execute bit which is

exposed through the Data Execution Prevention (DEP) feature in the Window's

operating system. Gary wisely enables DEP.

a. Identify one malware exploit that is thwarted.

In general the OS will use the DEP bit to turn off execution of the stack segment. This

will foil stack smashing attacks.

b. Identify one malware exploit that is still possible.

Return to libc is not affected. You cannot turn of the executability of the library code

segment.

14. (10 points) Consider the ring memory protection scheme implemented by the Intel

architecture. Use action => condition constraints to derive what must be logged

during each data segment access so an auditor would have sufficient information to

ensure that the ring policy is correctly enforced. Be sure to show the constraints in

addition to the required logged values.

Ring architecture data access rules.

• CPL <= DPL

• RPL <= DPL

Current and requested privilege levels are at least as privileged as the data segment

privilege level if not more so.

Access data segment => CPL <= DPL && RPL <= DPL

Therefore, on each data segment access, should log CPL, RPL, and DPL, whether the

access succeeded. Should also log the segment ID's in case there is a discrepancy that

the auditor must track down.

Information Assurance

Final Exam

Page 4

12/11/2006

Net ID:

15. (9 points) Anwen is shopping for a high assurance network tunnel device for her

company. She is considering the following products which have Common Criteria

evaluations. Based on the basic Common Criteria information from each product,

how would you counsel Anwen on the different products?

a. Product A – Evaluated at EAL 4 based on a specialized security target.

Must examine the security target carefully to determine what functionality the product is

claiming. Since it is not using a protection profile it is not as easy to compare against

other products. The EAL is mid level and is probably satisfactory for most applications.

b. Product B – Evaluated at EAL 6 against a security target based on the Labeled

Security Protection Profile (LSPP).

While this is evaluated at a high assurance level, the functionality of a trusted operating

system (generally what uses the LSPP) may not be appropriate for this network security

device. Again will need to carefully consider what functionality the product is claiming.

c. Product C – Evaluated at EAL2 against a security target based on the

Configurable Security Guard (CSG) Protection Profile . Anwen notes that

highly regarded Product D in this space is evaluated against the same

protection profile. Unfortunately for a variety of non-technical reasons, she

cannot consider Product D.

The use of a common protection profile helps us compare the functionality of this product

with other well respected products in the field. The lower EAL 2 assurance level would

have me concerned. While it is probably implementing what we need, it may not be

sufficiently tested and reviewed to meet our assurance needs.

Information Assurance

Final Exam

Page 5

12/11/2006

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika: